Help with HIPAA Compliance
Help with HIPAA Compliance
Helping you understand the complexities of compliance under the HIPAA Security and Privacy Rules. Our team of experts in regulatory compliance can answer any questions you may.
Colington Consulting

HIPAA Training:  What is Required for My Practice?

HIPAA Training: What is Required for My Practice?

1/10/2015 7:31:44 AM   |   Comments: 0   |   Views: 306

Let me try to bring some clarity to what is required for HIPAA Security Awareness Training, especially dental providers that utilize electronic health records (EHR) and/or file electronic health insurance claims.  The U.S. Department of Health and Human Services (HHS) provides guidance for the Privacy Rule and the Security Rule training requirements.  The description of each is very similar; however there are four specific implementation specifications that must be met for the Security Rule.

A simple way to determine what rule applies to your specific situation is this: the Privacy Rule covers those practices utilizing paper charts; the Security Rule covers practices utilizing EHR.   Even if your practice utilizes EHR, most of the Privacy Rule is still applicable regarding patients’ privacy issues. 

The following is a breakdown of the requirements for each:

HIPAA Privacy Rule § 164.530(b)

A covered entity must provide training that meets the requirements of this Code of Federal Regulation (CFR), as follows:

  • The training for a covered entity must cover all policies and procedures with respect to protected health information;
  • Each member of the covered entity's workforce must receive the training;
  • The training must occur within a reasonable period of time after the new staff member joins the covered entity's workforce;
  • A covered entity must document that the training was provided;
  • Training must occur on an annual basis, at minimum.

Security Rule, Section §164.308(a)(3) 

A covered entity and business associate must provide training that meets the requirements of this Code of Federal Regulation (CFR), as follows:

  • The training for a covered entity and business associate must cover all policies and procedures with respect to safeguards for electronic protected health information;
  • Each member of the covered entity's and business associate’s workforce must receive the training;
  • The training must occur within a reasonable period of time after the new staff member joins the covered entity's or business associate’s workforce;
  • A covered entity and business associate must document that the training was provided;
  • Training must occur on an annual basis, at minimum.

 According to the CFR for the Security Rule, the following four implementation specifications must be covered:

  1. Security reminders that include periodic security updates;
  2. Protection from malicious software.  Training should cover procedures guarding against, detecting and reporting malicious software;
  3. Log-in monitoring.  The training needs to inform the workforce of monitoring log-in attempts and cover procedures for reporting discrepancies;
  4. Password management.  Training needs to cover procedures for creating, changing and safeguarding passwords.

As you can see, both rules cover a number of the same requirements.  However, one major difference is the HIPAA Security Rule extends to business associates and includes the four specifications. 

Here are five best practices to follow regarding HIPAA Security Awareness Training:

  1. A training program must be in place that covers workplace policies and procedures for safeguards for all protected health information.
  2. All training needs to be documented.  This includes keeping a list of those who received the training and the completion dates.
  3. Training must be conducted on an annual basis.  It is a great idea to also make available periodic refreshers.
  4. Training should cover your Sanction Policy.  This explains what disciplinary action could occur if the policies and/or procedures are violated. 
  5. Training for the HIPAA Security Rule must cover the four implementation specifications.

If you need assistance with HIPAA Security Awareness Training, please contact us.  We offer an easy to use web based training program that can be completed in about an hour along with other training options.  

 

 

More Like This

Total Blog Activity

769
Total Bloggers
7,939
Total Blog Posts
2,967
Total Podcasts
1,300
Total Videos

Sponsors

Townie Perks

Townie® Poll

Do you allow parents into the operatory?
  

Site Help

Sally Gross, Member Services
Phone: +1-480-445-9710
Email: sally@farranmedia.com

Follow Dentaltown

Mobile App

WITH DENTALTOWN . . . NO DENTIST WILL EVER HAVE TO PRACTICE SOLO AGAIN®

WWW.DENTALTOWN.COM - WHERE THE DENTAL COMMUNITY LIVES®

9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 · Phone: +1-480-598-0001 · Fax: +1-480-598-3450
©1999-2019 Dentaltown, L.L.C., a division of Farran Media, L.L.C. · All Rights Reserved